Closes #245: Add GCP Bulletins (#246)

* Closes #245: Add GCP Bulletins * Update and rename gcp-dropped-cloudarmor-policy.yaml to gcp-2021-019.yaml * Update and rename gcp-anthos-predictable-seed.yaml to gcp-2021-022.yaml * Update and rename gcp-cloudsql-tempdb-privesc.yaml to gcp-2023-007.yaml * Update and rename gcp-gke-autopilot-privesc.yaml to gcp-2022-009.yaml * Delete vulnerabilities/gcp-2022-009.yaml Duplicate of https://www.cloudvulndb.org/gke-autopilot-allowlist * Update and rename gcp-gke-hyperthreading.yaml to gcp-2022-011.yaml --------- Co-authored-by: Amitai Cohen <[email protected]>
wiz-sec · Nov 2, 2023 · 6b8cb0b · 6b8cb0b · github-actions · Nov 2, 2023
1 parent a9eb585
commit 6b8cb0b
Show file tree

Hide file tree

Showing 4 changed files with 121 additions and 0 deletions.
diff --git a/vulnerabilities/gcp-2021-019.yaml b/vulnerabilities/gcp-2021-019.yaml
@@ -0,0 +1,30 @@
+title: Dropped active Google Cloud Armor security policy
+slug: gcp-2021-019
+cves: null
+affectedPlatforms:
+- GCP
+affectedServices:
+- Cloud Armor
+image: https://images.unsplash.com/photo-1607217237228-a8b69908bad6?ixlib=rb-4.0.3&ixid=M3wxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8fA%3D%3D&auto=format&fit=crop&w=3270&q=80
+severity: Low
+discoveredBy:
+  name: null
+  org: null
+  domain: null
+  twitter: null
+disclosedAt: null
+publishedAt: 2021/09/29
+exploitabilityPeriod: null
+knownITWExploitation: null
+summary: |
+  There is a known issue where updating a BackendConfig resource
+  using the v1beta1 API removes an active Google Cloud Armor 
+  security policy from its service. If you do not configure Google Cloud Armor
+  on your Ingress resources via the BackendConfig, then this issue does not affect your clusters.
+manualRemediation: |
+  Dropped Cloud Armor security policies must be manually reattached. 
+detectionMethods: null
+contributor: https://github.com/ramimac
+references:
+- https://cloud.google.com/support/bulletins#gcp-2021-019
+- https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2021-019
diff --git a/vulnerabilities/gcp-2021-022.yaml b/vulnerabilities/gcp-2021-022.yaml
@@ -0,0 +1,30 @@
+title: Predictible seed in Anthos Identity Service LDAP module
+slug: gcp-2021-022
+cves: null
+affectedPlatforms:
+- GCP
+affectedServices:
+- Anthos
+image: https://images.unsplash.com/photo-1458014854819-1a40aa70211c?auto=format&fit=crop&q=80&w=2070&ixlib=rb-4.0.3&ixid=M3wxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8fA%3D%3D
+severity: Low
+discoveredBy:
+  name: null
+  org: null
+  domain: null
+  twitter: null
+disclosedAt: null
+publishedAt: 2021/09/22
+exploitabilityPeriod: Ongoing
+knownITWExploitation: null
+summary: |
+  A vulnerability was discovered in the Anthos Identity Service (AIS) LDAP module
+  of Anthos clusters on VMware versions 1.8 and 1.8.1 where a seed key used in generating
+  keys is predictable. With this vulnerability, an authenticated user could add arbitrary
+  claims and escalate privileges indefinitely.
+manualRemediation: |
+  Upgrade your clusters to version 1.8.2.
+detectionMethods: null
+contributor: https://github.com/ramimac
+references:
+- https://cloud.google.com/support/bulletins#gcp-2021-022
+- https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2021-022
diff --git a/vulnerabilities/gcp-2022-011.yaml b/vulnerabilities/gcp-2022-011.yaml
@@ -0,0 +1,30 @@
+title: GKE Sandbox side channel attack
+slug: gcp-2022-011
+cves: null
+affectedPlatforms:
+- GCP
+affectedServices:
+- GKE Sandbox
+image: https://images.pexels.com/photos/5371573/pexels-photo-5371573.jpeg?auto=compress&cs=tinysrgb&w=1260&h=750&dpr=2
+severity: Medium
+discoveredBy:
+  name: null
+  org: null
+  domain: null
+  twitter: null
+disclosedAt: null
+publishedAt: 2022/03/22
+exploitabilityPeriod: null
+knownITWExploitation: null
+summary: |
+  There was a misconfiguration with Simultaneous Multi-Threading (SMT),
+  also known as Hyper-threading, in GKE Sandbox images, causing nodes
+  to be potentially exposed to side channel attacks such as
+  Microarchitectural Data Sampling (MDS).
+manualRemediation: |
+  Upgrade nodes to versions 1.22.6-gke.1500 and later or 1.23.3-gke.1100 and later.
+detectionMethods: null
+contributor: https://github.com/ramimac
+references:
+- https://cloud.google.com/support/bulletins#gcp-2022-011
+- https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2022-011
diff --git a/vulnerabilities/gcp-2023-007.yaml b/vulnerabilities/gcp-2023-007.yaml
@@ -0,0 +1,31 @@
+title: Privilege escalation in GCP Cloud SQL
+slug: gcp-2023-007
+cves: null
+affectedPlatforms:
+- GCP
+affectedServices:
+- Cloud SQL
+image: https://images.unsplash.com/photo-1544383835-bda2bc66a55d?auto=format&fit=crop&q=80&w=2036&ixlib=rb-4.0.3&ixid=M3wxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8fA%3D%3D
+severity: Medium
+discoveredBy:
+  name: null
+  org: null
+  domain: null
+  twitter: null
+disclosedAt: null
+publishedAt: 2023/06/02
+exploitabilityPeriod: null
+knownITWExploitation: null
+summary: |
+  A vulnerability was discovered in Cloud SQL for SQL Server
+  that allowed customer administrator accounts to create triggers 
+  in the tempdb database and use those to gain sysadmin privileges in the instance. 
+  The sysadmin privileges would give the attacker access to system databases
+  and partial access to the machine running that SQL Server instance.
+manualRemediation: |
+  None required
+detectionMethods: null
+contributor: https://github.com/ramimac
+references:
+- https://cloud.google.com/support/bulletins#GCP-2023-007
+- https://cloud.google.com/sql/docs/security-bulletins#gcp-2023-007
Dictionary	Entries	Covers	Uniquely
cspell:npm/dict/npm.txt	302	1
cspell:django/dict/django.txt	393	1